Improved handling of request.POST in users app

2026-02-06 13:16:52 +00:00 · 2016-11-26 09:49:16 +01:00 · 2016-11-26 09:49:16 +01:00 · 2f9b9185c6
commit 2f9b9185c6
parent 470bd15973
2 changed files with 7 additions and 11 deletions
--- a/apimanager/users/templates/users/detail.html
+++ b/apimanager/users/templates/users/detail.html
@ -22,7 +22,7 @@
 		<h2>Add Entitlement</h2>
 		<form class="form-inline" action="{% url 'users-add-entitlement' apiuser.user_id %}" method="post">
 			{% csrf_token %}
-			<input type="hidden" name="user_email" value="{{ apiuser.email }}" />
+			<input type="hidden" name="next" value="{{ request.path }}" />
 			<div class="form-group">
 				<label for="users-detail-entitlement-role_name">Role name</label> <input type="text" class="form-control" name="role_name" id="users-detail-entitlements-role_name" aria-label="active" />
 			</div>
@ -45,7 +45,7 @@
 					{% if entitlement.entitlement_id %}
 						<form action="{% url 'users-delete-entitlement' apiuser.user_id entitlement.entitlement_id %}" method="post">
 							{% csrf_token %}
-							<input type="hidden" name="user_email" value="{{ apiuser.email }}" />
+							<input type="hidden" name="next" value="{{ request.path }}" />
 							<input type="hidden" name="role_name" value="{{ entitlement.role_name }}" />
 							<button type="submit" class="btn btn-primary btn-red">Delete</button>
 						</form>
--- a/apimanager/users/views.py
+++ b/apimanager/users/views.py
@ -96,8 +96,8 @@ class AddEntitlementView(LoginRequiredMixin, View):
        try:
            urlpath = '/users/{}/entitlements'.format(kwargs['user_id'])
            payload = {
-                'bank_id': request.POST['bank_id'],
-                'role_name': request.POST['role_name'],
+                'bank_id': request.POST.get('bank_id', ''),
+                'role_name': request.POST.get('role_name', ''),
            }
            entitlement = api.post(request, urlpath, payload=payload)
            msg = 'Entitlement with role {} has been added.'.format(
@ -106,9 +106,7 @@ class AddEntitlementView(LoginRequiredMixin, View):
        except APIError as err:
            messages.error(request, err)

-        redirect_url = reverse('users-detail', kwargs={
-            'user_email': request.POST['user_email'],
-        })
+        redirect_url = request.POST.get('next', reverse('users-index'))
        return HttpResponseRedirect(redirect_url)


@ -123,12 +121,10 @@ class DeleteEntitlementView(LoginRequiredMixin, View):
                kwargs['user_id'], kwargs['entitlement_id'])
            api.delete(request, urlpath)
            msg = 'Entitlement with role {} has been deleted.'.format(
-                request.POST['role_name'])
+                request.POST.get('role_name', '<undefined>'))
            messages.success(request, msg)
        except APIError as err:
            messages.error(request, err)

-        redirect_url = reverse('users-detail', kwargs={
-            'user_email': request.POST['user_email'],
-        })
+        redirect_url = request.POST.get('next', reverse('users-index'))
        return HttpResponseRedirect(redirect_url)